VulDB Vulnerability Management

Splunk AppInspect Passed

Overview

Details

VulDB is the number one vulnerability database documenting and explaining security vulnerabilities and exploits since 1970. The VulDB app for Splunk integrates vulnerability data from VulDB into Splunk to enhance vulnerability management and threat intelligence.

You need to link the Splunk app to your VulDB account to use the API credits to fetch the data. The amount of available API credits is defined by the license of your account (free, commercial or enterprise).

More information is available at https://vuldb.com/?doc.splunk

The Splunk App for VulDB integrates vulnerability intelligence from VulDB into Splunk. The app communicates with VulDB by using its API and requires a valid API key as well as sufficient API credits.

Setup

Installation

Log in to Splunk with an administrative account

Click on the gear icon (Manage Apps)

On the next screen, click on the button labeled Install app from file

Click on the button Browse... and browse to the location of the VulDB Splunk App file (VulDB-Splunk-App.tar.gz), then select that file and click Open in the file browser dialogue. The name of the file now appears next to the button Browse....

Check the checkbox Upgrade app to upgrade any older versions of the app should they exist

Click the button labeled Upload

Initial Configuration

Before configuring the VulDB Splunk App for the first time, make sure that you have a valid API key and a sufficient amount of API credits. If in doubt, log in to your VulDB account and check your profile.

The VulDB Splunk App defines a new modular input type that is used for retrieving data from VulDB. Navigate to the menu Settings / Data inputs and click on + Add new.

Note: if the app has been configured previously, this step is typically not required as the required configuration should already be present.

Give the new modular input a name, for example VulDB-datasrc, and insert your API key into the field "VulDB API key". Optionally, you can specify a proxy server for outgoing connections, i.e. connections to https://vuldb.com from your Splunk server. You can also choose the language for the data fetched from VulDB; the choices are (actual setting in parentheses):

English (en)

German (de)

Spanish (es)

French (fr)

Italian (it)

Polish (pl)

Swedish (sv)

Clicking on Next will save your configuration and download an initial chunk of data from VulDB (see below).

The VulDB Splunk App downloads data from https://vuldb.com in chunks of 100 database entries and checks for new data once per hour. Upon initial data download (i.e. no data has been downloaded previously or data is older than one month), the app attempts to download all data from VulDB that is newer than one month.

Note: this will consume roughly 1'000 API credits (or more), depending on your choice of fetching details and on the amount of vulnerabilities in VulDB for that period.

Usage

When you access the Splunk App, you are presented with an overview dashboard. This dashboard shows some statistics and visualizations of the VulDB data present in your Splunk instance. All visualizations in the overview have drilldowns defined, i.e. clicking on the numbers or graph elements will open a new window containing relevant data and details.

Dashboards

Some predefined dashboards are included with the app. They can be accessed through the menu Dashboards in the menu bar.

You can always add your own dashboards or alter the existing ones. If you choose to change any of the predefined dashboards, be aware that this may lead to non-functioning drilldowns in other dashboards.

Reports and Saved Queries

Currently, only one saved search is included with the VulDB app - it will show the VulDB log entries. Feel free to add your own searches as you see fit.

Custom Searches

The VulDB app creates Splunk entries with a sourcetype of VulDB. Therefore you can use sourcetype=VulDB to restrict Splunk searches to VulDB data.

Logging

The VulDB Splunk App logs events to the Splunk logs. A saved search included in the VulDB app allows you to retrieve the VulDB App logs; click on the Reports menu to access the saved search.

Changing the Splunk App Configuration

The configuration of the VulDB data source (modular input) can be changed. Click on Settings / Data inputs / VulDB, which will show the previously defined input (or an empty list if you haven't defined the input yet). Clicking on the name of the input allows you to change its parameters.

Updating the App

For instructions on how to update Splunk apps, please refer to the official Splunk documentation.

Deleting the App

For instructions on how to disable or delete Splunk apps, please refer to the official Splunk documentation.

Bear in mind that deleting the app will remove the defined modular input but will not remove the VulDB data already present in your Splunk instance.

Help and Support

Please check the documentation or contact the support team if you have any questions.
